@mbc-cqrs-serverless/core
CQRS and event base core
;
// Compiler-emitted decorator helper (the usual TypeScript `__decorate` shape).
// An existing `this.__decorate` is reused when present; otherwise the fallback
// function below is installed.
//
// decorators: list of decorator functions to apply.
// target:     the class (class decorators) or the object owning the member.
// key, desc:  member name and descriptor; omitted for class decorators.
// Returns the decorated value `r` (class or property descriptor).
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c = argument count. With fewer than 3 arguments `r` starts as the target itself;
// otherwise it starts as `desc`, looked up from the target when `desc === null`.
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Prefer a Reflect.decorate implementation when one is installed on the global Reflect.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Fallback: apply decorators from last to first; a decorator that returns a falsy value leaves `r` unchanged.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than 3 arguments and a truthy result, write the descriptor back onto the target; always return `r`.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
// Compiler-emitted metadata helper. Reuses `this.__metadata` when it already exists.
// The fallback returns `Reflect.metadata(k, v)` when a metadata implementation is
// installed on the global Reflect object, and `undefined` otherwise.
var __metadata = (this && this.__metadata) || function (k, v) {
    const reflectSupportsMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    if (!reflectSupportsMetadata) {
        return undefined;
    }
    return Reflect.metadata(k, v);
};
// Alias the class body uses to refer to itself (see `RolesGuard_1.name` in the constructor).
var RolesGuard_1;
// Mark this CommonJS module as transpiled from an ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export slot up front; the real value is assigned after the class definition.
exports.RolesGuard = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const constants_1 = require("../constants");
const context_1 = require("../context");
const decorators_1 = require("../decorators");
/**
 * Authorization guard: a request passes only when the caller's user context
 * carries a tenant code AND the caller's tenant role satisfies the role
 * metadata attached to the handler or controller.
 *
 * Security-relevant behaviour visible in this class:
 *  - A handler/class with no role metadata (or an empty list) is open to every
 *    caller that has a tenant code. Access is allow-by-default unless roles
 *    are declared.
 *  - A caller whose role equals ROLE_SYSTEM_ADMIN passes every role check.
 *  - The logger is created but never used here, so denials are not recorded
 *    by this guard itself.
 */
let RolesGuard = RolesGuard_1 = class RolesGuard {
    /**
     * @param reflector metadata reader used to look up the required roles.
     */
    constructor(reflector) {
        this.reflector = reflector;
        this.logger = new common_1.Logger(RolesGuard_1.name);
    }

    /**
     * Guard entry point. The tenant check runs first; the role check runs only
     * when the tenant check passed.
     *
     * @param context execution context of the current request.
     * @returns `false` when the tenant check fails, otherwise the role check result.
     */
    async canActivate(context) {
        const tenantAccepted = await this.verifyTenant(context);
        return tenantAccepted ? await this.verifyRole(context) : false;
    }

    /**
     * Tenant check: passes when the user context has a truthy `tenantCode`.
     *
     * NOTE(review): this verifies presence only. The original comment says the
     * tenant code comes from a header; confirm that getUserContext binds it to
     * the authenticated identity (e.g. token claims), since nothing in this
     * method compares the value against what the caller is entitled to.
     *
     * @returns `true` when a tenant code is present, `false` otherwise.
     */
    async verifyTenant(context) {
        const { tenantCode } = (0, context_1.getUserContext)(context);
        return Boolean(tenantCode);
    }

    /**
     * Role check against the ROLE_METADATA looked up on the handler and then
     * the class (getAllAndOverride).
     *
     * NOTE(review): `includes` is used for the membership test, which assumes
     * the metadata is an array of role names. If it were ever a plain string,
     * `includes` would perform a substring match. Confirm against the roles
     * decorator.
     *
     * @returns `true` when no roles are required, when the caller is the system
     *          admin role, or when the caller's role is among the required
     *          ones; `false` when the caller has no role or it is not listed.
     */
    async verifyRole(context) {
        const requiredRoles = this.reflector.getAllAndOverride(
            decorators_1.ROLE_METADATA,
            [context.getHandler(), context.getClass()],
        );
        const rolesDeclared = requiredRoles && requiredRoles.length;
        if (!rolesDeclared) {
            // No role requirement declared: every tenant-scoped caller is allowed.
            return true;
        }

        const callerRole = await this.getUserRole(context);
        if (!callerRole) {
            return false;
        }

        // The system admin role bypasses the per-handler role list.
        return callerRole === constants_1.ROLE_SYSTEM_ADMIN || requiredRoles.includes(callerRole);
    }

    /**
     * Reads the caller's role from the user context.
     *
     * @returns the `tenantRole` value of the user context (may be undefined).
     */
    async getUserRole(context) {
        const { tenantRole } = (0, context_1.getUserContext)(context);
        return tenantRole;
    }
};
// Export the undecorated class first, then replace the export (and both local
// bindings) with the result of applying the decorators.
exports.RolesGuard = RolesGuard;
exports.RolesGuard = RolesGuard = RolesGuard_1 = __decorate([
// Injectable() marks the class as a provider; presumably this is what lets the
// framework construct it (confirm against the module wiring).
(0, common_1.Injectable)(),
// Records the constructor parameter types: a single Reflector argument.
__metadata("design:paramtypes", [core_1.Reflector])
], RolesGuard);
//# sourceMappingURL=roles.guard.js.map